The past 12 months in cybersecurity have been a rough ride. In cybersecurity, everything is broken — it’s just a matter of finding it — and this year felt like everything broke at once, especially toward the end of the year. But for better or worse, we end the year knowing more than we did before.
Here we look back at the year that’s been, and what we learned along the way.
1. Ransomware costs businesses because of downtime, not ransom payments
The scourge of file-encrypting malware continues. Ransomware this year alone forced entire towns offline, blocked paychecks and caused fuel shortages, as entire company networks were held for ransom in exchange for millions of dollars in cryptocurrency payments. The U.S. Treasury estimates that ransomware operators are likely to make more from ransom payments in 2021 than they did during the past decade. But research shows that businesses face the most losses through lost productivity and the often-arduous task of cleaning up after a ransomware attack — including incident response and legal support.
2. The FTC can order mobile spyware makers to notify their victims
SpyFone became the first-ever spyware maker to be banned in the U.S. following an order from the Federal Trade Commission in September. The FTC accused the “stalkerware” app maker of creating the stealthy malware to allow stalkers and domestic abusers real-time access to data, such as messages and location history, on their victims’ phones but…